Running bundle install with the correct user

OPS-1243

Running bundle install with the correct user
OPS-1243
c44bfd00 · Clinton Blackburn · Clinton Blackburn · 962465b1 · c44bfd00 · c44bfd00
Commit c44bfd00 authored Jan 05, 2016 by Clinton Blackburn Committed by Clinton Blackburn Jan 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 32 deletions

playbooks/roles/forum/meta/main.yml
+1 -3

playbooks/roles/forum/tasks/deploy.yml
+1 -4

playbooks/roles/forum/tasks/main.yml
+12 -8

playbooks/roles/local_dev/tasks/main.yml
+0 -17

No files found.
--- a/playbooks/roles/forum/meta/main.yml
+++ b/playbooks/roles/forum/meta/main.yml
@@ -3,8 +3,6 @@ dependencies:
  - common
  - supervisor
  - role: rbenv
-    # TODO: setting the rbenv ownership to
-    # the common_web_user is a workaround
-    rbenv_user: "{{ common_web_user }}"
+    rbenv_user: "{{ forum_user }}"
    rbenv_dir: "{{ forum_app_dir }}"
    rbenv_ruby_version: "{{ forum_ruby_version }}"
--- a/playbooks/roles/forum/tasks/deploy.yml
+++ b/playbooks/roles/forum/tasks/deploy.yml
@@ -49,12 +49,9 @@
    - install
    - install:code

-# TODO: This is done as the common_web_user
-# since the process owner needs write access
-# to the rbenv
 - name: install comments service bundle
  shell: bundle install --deployment chdir={{ forum_code_dir }}
-  sudo_user: "{{ common_web_user }}"
+  sudo_user: "{{ forum_user }}"
  environment: "{{ forum_environment }}"
  notify: restart the forum service
  tags:

--- a/playbooks/roles/forum/tasks/main.yml
+++ b/playbooks/roles/forum/tasks/main.yml
@@ -23,18 +23,23 @@

 - name: create application user
  user: >
-    name="{{ forum_user }}" home="{{ forum_app_dir }}"
-    createhome=no
+    name="{{ forum_user }}"
+    home="{{ forum_app_dir }}"
+    createhome=yes
    shell=/bin/false
+    generate_ssh_key=yes
  notify: restart the forum service
  tags:
    - install
    - install:base
-  
- name: create forum app dir
+
+# Ensure the directory is accessible to the web service
+- name: set forum app dir permissions
  file: >
-    path="{{ forum_app_dir }}" state=directory
-    owner="{{ forum_user }}" group="{{ common_web_group }}"
+    path="{{ forum_app_dir }}"
+    state=directory
+    owner="{{ forum_user }}"
+    group="{{ common_web_group }}"
  notify: restart the forum service
  tags:
    - install
@@ -60,4 +65,4 @@
    - install
    - install:base
    
- include: deploy.yml tags=deploy
\ No newline at end of file
+- include: deploy.yml tags=deploy
--- a/playbooks/roles/local_dev/tasks/main.yml
+++ b/playbooks/roles/local_dev/tasks/main.yml
@@ -21,23 +21,6 @@
    group: "{{ common_web_group }}"
  when: edxapp_user is defined

-# Ensure forum user has permissions to access .gem and .rbenv
-# This is a little twisty: the forum role sets the owner and group to www-data
-# So we add the forum user to the www-data group and give group write permissions
- name: add forum user to www-data group
-  user: name={{ forum_user }} groups={{ common_web_group }} append=yes
-  when: forum_user is defined
-
-# Need this in order for the forum user to install and uninstall
-# gems using 'bundle' or 'gem'.  Can't make it 760 because that
-# would break the bin directory under .gem
- name: set forum rbenv and gem permissions
-  file:
-    path={{ item }} state=directory recurse=yes mode="g+rw"
-  with_items:
-    - "{{ forum_app_dir }}/.gem"
-  when: forum_user is defined
-
 # Create scripts to configure environment
 - name: create login scripts
  template: